[HAPROXY] websocket upgrade

Started by ninanoe, May 28, 2022, 02:51:09 AM

So I have my HAPROXY working, but meshcentral and camera systems need modern https websocket support.

I found out I need to add some ACLs to my config.
https://github.com/opnsense/plugins/issues/2717

    # ACL: Websocket_Upgrade
    acl acl_61bfe65d4066b0.98106842 hdr(Connection) -i Upgrade
    # ACL: Websocket
    acl acl_61bfe67f211b51.96043088 hdr(Upgrade) -i WebSocket
    # ACL: Websocket_WS
    acl acl_61c0e62bc10459.22208791 hdr_beg(host) -i ws
    # ACL: Emby_Webserver
    acl acl_5e811fc593d624.87923872 hdr_sub(host) -i example.com

Problem is, I do not know how to do this with the OPNsense haproxy GUI.
It looks like adding some rule, because in the example there are multiple ACL_nrs for the same service.

But I don't understand how to do this in the GUI, and I cannot just create some random acl_nrs?


I'll just pick out the following section and explain what he has done:
    # ACL: Websocket_Upgrade
    acl acl_61bfe65d4066b0.98106842 hdr(Connection) -i Upgrade
    # ACL: Websocket
    acl acl_61bfe67f211b51.96043088 hdr(Upgrade) -i WebSocket
    # ACL: Websocket_WS
    acl acl_61c0e62bc10459.22208791 hdr_beg(host) -i ws
    # ACL: Emby_Webserver
    acl acl_5e811fc593d624.87923872 hdr_sub(host) -i example.com

    # ACTION: Emby_Websocket
    use_backend Emby_Webserver if acl_61bfe65d4066b0.98106842 acl_61bfe67f211b51.96043088 acl_61c0e62bc10459.22208791
    # ACTION: Emby_WebServer
    use_backend Emby_Webserver if acl_5e811fc593d624.87923872

He already has a websocket backend called "Emby_Webserver".

He created 4 conditions:
1. Name=Websocket_Upgrade, Condition type=Custom condition (Option pass-through), Option pass-through=hdr(Connection) -i Upgrade
2. Name=Websocket, Condition type=Custom condition (Option pass-through), Option pass-through=hdr(Upgrade) -i WebSocket
3. Name=Websocket_WS, Condition type=Custom condition (Option pass-through), Option pass-through=hdr_beg(host) -i ws
4. Name=Emby_Webserver, Condition type=Custom condition (Option pass-through), Option pass-through=hdr_sub(host) -i example.com

He created 2 rules:
1. Name=Emby_Websocket, Test type=IF, Select conditions=Websocket_Upgrade+Websocket+Websocket_WS, Logical operator for conditions=AND, Execute function=Use Specified Backend Pool, Use backend pool=Emby_Webserver
2. Name=Emby_WebServer, Test type=IF, Select conditions=Emby_Webserver, Execute function=Use Specified Backend Pool, Use backend pool=Emby_Webserver

He put these 2 rules into Frontend: HTTPS (Front End HTTPS), in the following order:
Emby_Websocket in front, then Emby_WebServer
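
The four conditions and two rules listed above, modelled in Python as an added example (not part of the original post and not the plugin's or HAProxy's own code). It assumes a simplified model of HAProxy's string matching, and the sample requests and host names are constructed for illustration.

```python
# Added example: models the four ACLs and two rules from the post above.
# Simplified model of HAProxy's string matching (assumption): hdr() is an exact
# match on each comma-separated header value, hdr_beg a prefix match, hdr_sub a
# substring match; -i makes all of them case-insensitive.

def values(headers, name):
    """All comma-separated values of a header, lower-cased (models -i)."""
    raw = headers.get(name.lower(), "")
    return [v.strip().lower() for v in raw.split(",") if v.strip()]

ACLS = {
    "Websocket_Upgrade": lambda h: "upgrade" in values(h, "Connection"),
    "Websocket":         lambda h: "websocket" in values(h, "Upgrade"),
    "Websocket_WS":      lambda h: any(v.startswith("ws") for v in values(h, "Host")),
    "Emby_Webserver":    lambda h: any("example.com" in v for v in values(h, "Host")),
}

# Rules in frontend order; the conditions of one rule are ANDed.
RULES = [
    ("Emby_Websocket", ["Websocket_Upgrade", "Websocket", "Websocket_WS"], "Emby_Webserver"),
    ("Emby_WebServer", ["Emby_Webserver"], "Emby_Webserver"),
]

def route(headers):
    """Return (rule, backend) of the first rule whose ACLs all match, else (None, None)."""
    h = {k.lower(): v for k, v in headers.items()}
    for rule, conds, backend in RULES:
        if all(ACLS[c](h) for c in conds):
            return rule, backend
    return None, None

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "ws upgrade on ws.example.com": {"Host": "ws.example.com", "Connection": "keep-alive, Upgrade", "Upgrade": "websocket"},
    "ws upgrade on emby.example.com": {"Host": "emby.example.com", "Connection": "Upgrade", "Upgrade": "websocket"},
    "plain GET on emby.example.com": {"Host": "emby.example.com"},
    "look-alike host": {"Host": "example.com.other.test"},
    "unrelated host": {"Host": "other.test"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:32} -> {route(hdrs)}")
```

The look-alike host is routed to the backend because `hdr_sub(host)` matches any Host value that merely contains `example.com`; an exact `hdr(host)` condition on the full site name would not match it. The websocket rule on its own also accepts any host that begins with `ws`, since it carries no domain condition.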

Thanks for this... very interesting...

Been trying to get meshcentral working with the haproxy plugin for a while... but I've finally capitulated. While I've used haproxy for everything... seems meshcentral was a step too far. Could not get it to work cleanly no matter what I tried.
The plugin does not allow for custom config, which does not easily fit into the UI. Could not get Windows clients to connect cleanly, amongst other issues.

In the end, I used nginx proxy manager instead, and it worked a charm. I think swag would have worked easily as well. Seems to me as a homelab user, haproxy was making me go into a level of detail that was overwhelming. nginx seemed to have a simpler, more well documented approach. The haproxy docs were opaque.

Thank you haproxy plugin for taking me this far... it's been a good ride.


@Bunch thanks a lot.
With your instructions it worked immediately.